I am currently learning how to disassemble Mach-O Binary Files and I am trying to figure out how to understand a 'Symbol Table' (in load cmd LC_SYMTAB).
How Do I Read / Interpret A Symbol Table and its entries? I am not 100% of this but it appears that the entries are 8 bytes each? (correct me if I'm wrong)
I know that a string table is a group of strings separated by null bytes but what is a Symbol Table and its purpose?
Thanks.
Straight from <mach-o/nlist.h>:
struct nlist {
union {
uint32_t n_strx; /* index into the string table */
} n_un;
uint8_t n_type; /* type flag, see below */
uint8_t n_sect; /* section number or NO_SECT */
int16_t n_desc; /* see <mach-o/stab.h> */
uint32_t n_value; /* value of this symbol (or stab offset) */
};
struct nlist_64 {
union {
uint32_t n_strx; /* index into the string table */
} n_un;
uint8_t n_type; /* type flag, see below */
uint8_t n_sect; /* section number or NO_SECT */
uint16_t n_desc; /* see <mach-o/stab.h> */
uint64_t n_value; /* value of this symbol (or stab offset) */
};
So no, that shouldn't be 8 bytes, but rather 12 bytes for 32-bit and 16 bytes for 64-bit binaries.